File _patchinfo of Package patchinfo
<patchinfo incident="3664">
  <issue id="923172" tracker="bnc">VUL-1: python-django,python-Django: CVE-2015-2316 Django: possible denial of service in strip_tags()</issue>
  <issue id="913056" tracker="bnc">VUL-1: CVE-2015-0221: python-django: denial of service attack against django.views.static.serve</issue>
  <issue id="913055" tracker="bnc">VUL-1: CVE-2015-0222: python-django: database denial of service with ModelMultipleChoiceField</issue>
  <issue id="923176" tracker="bnc">VUL-1: python-django,python-Django: CVE-2015-2317 Django: possible XSS attack via user-supplied redirect URLs</issue>
  <issue id="913053" tracker="bnc">VUL-1: CVE-2015-0219: python-django: WSGI header spoofing via underscore/dash conflation</issue>
  <issue id="CVE-2015-2317" tracker="cve" />
  <issue id="CVE-2015-2316" tracker="cve" />
  <issue id="CVE-2015-0219" tracker="cve" />
  <issue id="CVE-2015-0222" tracker="cve" />
  <issue id="CVE-2015-0221" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>bmwiedemann</packager>
  <description>python-django was updated to 1.6.11 to fix security issues and non-security bugs.

The following vulnerabilities were fixed:

* Made is_safe_url() reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317)
* Fixed an infinite loop possibility in strip_tags() (bnc#923172, CVE-2015-2316)
* WSGI header spoofing via underscore/dash conflation (bnc#913053, CVE-2015-0219)
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against ``django.views.static.serve`` (bnc#913056, CVE-2015-0221)
* Database denial-of-service with ``ModelMultipleChoiceField`` (bnc#913055, CVE-2015-0222)

The update also contains fixes for non-security bugs, functional and stability issues.
</description>
  <summary>Security update for python-Django</summary>
</patchinfo>